Welcome to NBlog, the NoticeBored blog

The blogging will continue until morale improves

Apr 29, 2013

Fraud awareness module released

Frauds, scams, swindles and cons involve taking advantage of victims through the use of deception, which is itself a form of social engineering. As such, fraud definitely qualifies as an information security concern, making it a valid topic for the security awareness program. What’s more, fraud is an inherently fascinating subject. The deviously creative nature of fraudsters means they find surprising ways to dupe and manipulate people, processes and systems, undermining or bypassing controls that superficially appear sound.

Fraudsters may exist within or without the organization, sometimes both. Procurement frauds, for instance, often involve dishonest or coerced employees acting in collusion with external suppliers to misappropriate the organization’s funds. Collusion between individuals is a particularly challenging concern in relation to fraud since it negates a very important form of control – the division of responsibilities between individuals.

The breakdown of trust is another problem with fraud, a serious consequence given that commerce and society revolve around trust. I'm deep into Bruce Schneier's latest book Liars and Outliers at the moment, and intrigued by the concept that fraudsters, hackers and other adversaries are 'defectors' who choose to ignore the explicit and implicit rules of society. I'm sure I'll be drawing on that thought in future awareness modules and bloggery.

Anyway, please check out the fraud awareness module and get in touch to subscribe to NoticeBored. Provided you have the time, inclination, skills and expertise, there's nothing to stop you writing your own suite of creative and motivational awareness materials on interesting security topics such as fraud every month ... but how much will it cost you to do that? And wouldn't you rather spend your valuable time interacting with your awareness audiences, not to mention "having a life"?


NBlogger is ...

Dr Gary Hinson PhD MBA CISSP has an abiding interest in human factors - the ‘people side’ as opposed to the purely technical aspects of information security. Gary's career stretches back to the mid-1980s as both practitioner and manager in the fields of IT system and network administration, information security and IT auditing. He has worked and consulted in the pharmaceuticals/life sciences, utilities, IT, engineering, defense, financial services and government sectors, for organizations of all sizes. Since 2003, he has been creating security awareness materials for clients (www.NoticeBored.com) and supporting users of the ISO27k standards (www.ISO27001security.com). In conjunction with Krag Brotby, he wrote "PRAGMATIC security metrics" (www.SecurityMetametrics.com). He is a keen radio amateur, often calling but seldom heard by distant stations on the HF bands.